Trust Wallet users have lost an estimated US$7 million after a compromised Chrome browser extension was used to steal cryptocurrency, according to reports cited by CoinDesk.
The incident involved a malicious version of a Trust Wallet-related Chrome extension that enabled attackers to gain access to users’ private keys and seed phrases, allowing them to drain wallets without triggering immediate suspicion. Affected users reported unauthorised transactions shortly after interacting with the extension, with funds quickly moved across multiple wallets to obscure tracking.
Cybersecurity analysts say the attack bears the hallmarks of a supply-chain compromise, where malicious code is inserted into a legitimate-looking extension and distributed through trusted channels. Once installed, the extension was able to monitor user activity and extract sensitive credentials used to control crypto assets.
Trust Wallet has warned users to immediately remove any suspicious or unofficial browser extensions and reiterated that it does not officially support a Chrome extension. The company said it is working with browser security teams and blockchain analytics firms to trace stolen funds and identify the attackers.
The theft adds to growing concerns about browser-based crypto security, particularly as wallet extensions and third-party tools become more popular entry points for users. Security experts continue to stress that seed phrases should never be entered into browser extensions or websites, and that hardware wallets remain the safest option for storing large holdings.
The attack follows a broader rise in crypto-related cybercrime in 2025, with phishing campaigns, fake wallet updates, and compromised extensions increasingly targeting retail users.
China intensifies crackdown on cryptocurrencies and targets stablecoins
